TKWITS Community Legend ✭✭✭✭✭
Reactions
Comments
-
So based on all this information what would be the route of a packet from a phone to the internet?
-
What about all the other DHCP settings? What do the phones get as subnet mask, DNS, etc.?
-
I'm not asking about the Allworx system. I am asking about the physical phones. If you login to one of the phones web interfaces, what IP address would it use for its default gateway? To ask the same question with a different way of discovering the answer: What does the DHCP server for the physical phones hand out as the…
-
What IP address do the phones use for their default gateway and what device controls that IP address?
-
My opinion is leave the DMZ and Allworx WAN as is. Just because the phones had issues connecting to the internet doesn't mean the Allworx did too. Focus on the core issue, phone connectivity issues.
-
That cleans up the need for the DMZ for the Allworx WAN interface but doesn't solve for your original issue (phones not getting out to the internet). Did the Allworx have issues with connectivity with the Sonicwall in place? Do you even have admin access to the Allworx and are you comfortable troubleshooting it?
-
Come back with your thoughts. I prefer to provide guidance than straight answers. How would anyone learn?
-
No offense but I'm not going to do your job for you. You have to break things in order to fix them. Think about your goal and how to accomplish it step by step. Ask specific questions and I'll give specific answers.
-
@rmrk Your last statement is what you'll need to do. Change the SSLVPN Services group to contain object(s) that ALL users MUST have access to e.g. a domain controller / DNS server. Then you can either adjust 'VPN Access' permissions per user, or use groups with the appropriate 'VPN Access' settings and add users to the…
-
Unsurprisingly the wording is unclear. It's clear the MicrosoftRootStoreEnabled policy will be allowed temporarily, but not whether Edge will still look at the OS Cert Store post removal of said policy. The line I pointed out preceded any text about the policy. Who knows. Still good information to have.
-
You haven't given us the config rundown of your Sonicwall. I have seen this exact setup before and honestly these setups are terrible. Watchguards make no sense with their VLANs, how can they have an interface on a VLAN but also have a route to the VLAN thats not the interface? How does that make sense? What I have done in…
-
Thanks for pointing this out @BWC ! I think the key line here is: In addition to trusting the built-in roots that ship with Microsoft Edge, the browser will also query the underlying platform for—and trust—locally installed roots that users and/or enterprises installed. So locally trusted roots should, in theory, still…
-
This functionality is generally accepted as firewall industry standard or 'by design'. The logical flow of pinging a non-local 'up' firewall interface through a local firewall interface equates to a hairpin. No modern manufacturer I know of supports this.
-
MAP-E と DS-LITE はあくまでも提案です。 どちらの SONICWALL のサポートに関する情報も見つかりません。 それらが標準になるまで、Sonicwall がそれらをサポートすることは期待できません。 Sonicwall は NAT64 トランスレータとして機能できます。 For english speakers: MAP-E and DS-LITE are only proposals. I cannot locate any information regarding SONICWALL's support of either. Until they become standards I would not expect…
-
@jmathews Is this an supported configuration?